nemo_flow.guardrails#

Global guardrail registration for tools and LLMs.

Guardrails can either sanitize data recorded on lifecycle events or reject a call before it runs.

In managed tools.execute() and llm.execute() flows, sanitize guardrails are observability-only: they change the payload written to emitted events, not the value passed to the user callback or returned to the caller.

Example:

import nemo_flow

def redact(tool_name, args):
    return {**args, "api_key": "***"}

nemo_flow.guardrails.register_tool_sanitize_request("redact", 10, redact)

Functions#

`register_tool_sanitize_request`(name, priority, guardrail)	Register a guardrail that sanitizes tool inputs for emitted start events.
`deregister_tool_sanitize_request`(name)	Remove a previously registered tool sanitize-request guardrail.
`register_tool_sanitize_response`(name, priority, guardrail)	Register a guardrail that sanitizes tool outputs for emitted end events.
`deregister_tool_sanitize_response`(name)	Remove a previously registered tool sanitize-response guardrail.
`register_tool_conditional_execution`(name, priority, ...)	Register a guardrail that can reject a tool call before execution.
`deregister_tool_conditional_execution`(name)	Remove a previously registered tool conditional-execution guardrail.
`register_llm_sanitize_request`(name, priority, guardrail)	Register a guardrail that sanitizes LLM requests for emitted start events.
`deregister_llm_sanitize_request`(name)	Remove a previously registered LLM sanitize-request guardrail.
`register_llm_sanitize_response`(name, priority, guardrail)	Register a guardrail that sanitizes LLM outputs for emitted end events.
`deregister_llm_sanitize_response`(name)	Remove a previously registered LLM sanitize-response guardrail.
`register_llm_conditional_execution`(name, priority, ...)	Register a guardrail that can reject an LLM call before execution.
`deregister_llm_conditional_execution`(name)	Remove a previously registered LLM conditional-execution guardrail.

Module Contents#

nemo_flow.guardrails.register_tool_sanitize_request( name: str, priority: int, guardrail: nemo_flow.ToolSanitizeGuardrail, ) → None#

Register a guardrail that sanitizes tool inputs for emitted start events.

Parameters:

name – Unique guardrail name used for later replacement or removal.
priority – Execution order for the guardrail. Lower values run first.
guardrail – Callable invoked as guardrail(tool_name, args) that must return the sanitized payload to record on the emitted start event.

Returns:

This function returns after the guardrail is registered.

Return type:

None

Notes

In managed nemo_flow.tools.execute() flows, sanitize guardrails are observability-only. They change the payload written to events, not the arguments passed to the tool callback.

Example:

import nemo_flow

def redact(tool_name, args):
    return {**args, "api_key": "***"}

nemo_flow.guardrails.register_tool_sanitize_request("redact", 10, redact)

nemo_flow.guardrails.deregister_tool_sanitize_request(name: str) → bool#

Remove a previously registered tool sanitize-request guardrail.

Parameters:: name – Guardrail name previously passed to register_tool_sanitize_request().
Returns:: True if a guardrail was removed, otherwise False.
Return type:: bool

Notes

Removal affects only future executions. In-flight calls continue using the guardrail chain they already resolved.

nemo_flow.guardrails.register_tool_sanitize_response( name: str, priority: int, guardrail: nemo_flow.ToolSanitizeGuardrail, ) → None#

Register a guardrail that sanitizes tool outputs for emitted end events.

Parameters:

name – Unique guardrail name used for later replacement or removal.
priority – Execution order for the guardrail. Lower values run first.
guardrail – Callable invoked as guardrail(tool_name, result) that must return the sanitized payload to record on emitted end events.

Returns:

This function returns after the guardrail is registered.

Return type:

None

Notes

This guardrail affects event payloads only. The caller still receives the original tool result.

nemo_flow.guardrails.deregister_tool_sanitize_response(name: str) → bool#

Remove a previously registered tool sanitize-response guardrail.

Parameters:: name – Guardrail name previously passed to register_tool_sanitize_response().
Returns:: True if a guardrail was removed, otherwise False.
Return type:: bool

Notes

Removal affects only future executions. In-flight calls continue using the guardrail chain they already resolved.

nemo_flow.guardrails.register_tool_conditional_execution( name: str, priority: int, guardrail: nemo_flow.ToolConditionalExecutionGuardrail, ) → None#

Register a guardrail that can reject a tool call before execution.

Parameters:

name – Unique guardrail name used for later replacement or removal.
priority – Execution order for the guardrail. Lower values run first.
guardrail – Callable invoked as guardrail(tool_name, args). Return None to allow execution or a rejection message to block it.

Returns:

This function returns after the guardrail is registered.

Return type:

None

Notes

Conditional-execution guardrails run before request intercepts and before the tool callback is invoked.

nemo_flow.guardrails.deregister_tool_conditional_execution(name: str) → bool#

Remove a previously registered tool conditional-execution guardrail.

Parameters:: name – Guardrail name previously passed to register_tool_conditional_execution().
Returns:: True if a guardrail was removed, otherwise False.
Return type:: bool

Notes

Removal affects only future executions. In-flight calls continue using the guardrail chain they already resolved.

nemo_flow.guardrails.register_llm_sanitize_request( name: str, priority: int, guardrail: nemo_flow.LlmSanitizeRequestGuardrail, ) → None#

Register a guardrail that sanitizes LLM requests for emitted start events.

Parameters:

name – Unique guardrail name used for later replacement or removal.
priority – Execution order for the guardrail. Lower values run first.
guardrail – Callable invoked as guardrail(request) that must return the sanitized request recorded on the emitted start event.

Returns:

This function returns after the guardrail is registered.

Return type:

None

Notes

In managed nemo_flow.llm.execute() and nemo_flow.llm.stream_execute() flows, this is observability-only and does not mutate the request forwarded to the provider callback.

Example:

import nemo_flow

def strip_auth(request):
    headers = {k: v for k, v in request.headers.items() if k.lower() != "authorization"}
    return nemo_flow.LLMRequest(headers, request.content)

nemo_flow.guardrails.register_llm_sanitize_request("strip-auth", 10, strip_auth)

nemo_flow.guardrails.deregister_llm_sanitize_request(name: str) → bool#

Remove a previously registered LLM sanitize-request guardrail.

Parameters:: name – Guardrail name previously passed to register_llm_sanitize_request().
Returns:: True if a guardrail was removed, otherwise False.
Return type:: bool

Notes

Removal affects only future executions. In-flight calls continue using the guardrail chain they already resolved.

nemo_flow.guardrails.register_llm_sanitize_response( name: str, priority: int, guardrail: nemo_flow.LlmSanitizeResponseGuardrail, ) → None#

Register a guardrail that sanitizes LLM outputs for emitted end events.

Parameters:

name – Unique guardrail name used for later replacement or removal.
priority – Execution order for the guardrail. Lower values run first.
guardrail – Callable invoked as guardrail(response) that must return the sanitized payload recorded on the emitted end event.

Returns:

This function returns after the guardrail is registered.

Return type:

None

Notes

This guardrail changes only event payloads. The raw provider response returned to the caller is left unchanged.

nemo_flow.guardrails.deregister_llm_sanitize_response(name: str) → bool#

Remove a previously registered LLM sanitize-response guardrail.

Parameters:: name – Guardrail name previously passed to register_llm_sanitize_response().
Returns:: True if a guardrail was removed, otherwise False.
Return type:: bool

Notes

Removal affects only future executions. In-flight calls continue using the guardrail chain they already resolved.

nemo_flow.guardrails.register_llm_conditional_execution( name: str, priority: int, guardrail: nemo_flow.LlmConditionalExecutionGuardrail, ) → None#

Register a guardrail that can reject an LLM call before execution.

Parameters:

name – Unique guardrail name used for later replacement or removal.
priority – Execution order for the guardrail. Lower values run first.
guardrail – Callable invoked as guardrail(request). Return None to allow execution or a rejection message to block the call.

Returns:

This function returns after the guardrail is registered.

Return type:

None

Notes

Conditional-execution guardrails run before request intercepts, codecs, and provider execution.

nemo_flow.guardrails.deregister_llm_conditional_execution(name: str) → bool#

Remove a previously registered LLM conditional-execution guardrail.

Parameters:: name – Guardrail name previously passed to register_llm_conditional_execution().
Returns:: True if a guardrail was removed, otherwise False.
Return type:: bool

Notes

Removal affects only future executions. In-flight calls continue using the guardrail chain they already resolved.